[OFBIZ-11349] The "stream" request-map in ecommerce and commonext controllers requires authentication - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Release Branch 18.12, Release Branch 17.12, Trunk
Fix Version/s: 17.12.01, 18.12.01
Component/s: commonext, ecommerce
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

For security reason, the "stream" request-map

in ecommerce controller have been temporarily commented out.
in commonext controller has been changed to require authentication.

We will need to

put back the functionnalities allowed by the "stream" request-map in ecommerce .
later check that mandatory authentication in commonext controller no impact.

Eventually it turned out that we simply needed to require authentication in both cases (back and front ends). Because in ecommerce/ecomseo webapps the stream request is only used to post images in blog entries an you need to be logged in to do so.

Attachments

Issue Links

is related to

OFBIZ-11348 Temporarily comment out the "stream" request-map in ecommerce controller for security reason

Closed

relates to

OFBIZ-11353 For security reason require authenticationfor the "stream" request-map in commonext controller.xml

Closed

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Feb/20 06:00

Updated:: 19/Feb/20 13:14

Resolved:: 19/Feb/20 13:12